2024-01-26_1077a3f8379e8b62f6792e3b9c17cf97_icedid | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-26_1077a3f8379e8b62f6792e3b9c17cf97_icedid
Size

2.1MB
MD5

1077a3f8379e8b62f6792e3b9c17cf97
SHA1

01d67f3a17b6ae8f96dc5c8608c5ef0b3da4a610
SHA256

59b09d77a71ed4596e02553854770bf97dde16a9db25ec611f8fbec187e2c528
SHA512

729da407529cd94ab80d4560b08f027653b62f8af2c47332f8bbdde2111835b159cbbf1118876440d75582b796e079f6a7fb8b47b24bfb6e877ef67cc0421b12
SSDEEP

49152:ChrOO53RTqtiLc9IW1dXgfC/MHmgAkXrRokpyfqr:urOO53rc9IW1dXgfC/MHmgZXrRokcCr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-26_1077a3f8379e8b62f6792e3b9c17cf97_icedid

Files

2024-01-26_1077a3f8379e8b62f6792e3b9c17cf97_icedid
.exe windows:4 windows x86 arch:x86

27e7eaa5b46da19b5f74481374a87b1d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteExA

ole32

OleInitialize
OleUninitialize

msvcr80

_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_initterm
__set_app_type
_crt_debugger_hook
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
memset
_encode_pointer

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
QueryPerformanceCounter

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ